PC World is reporting that security researchers in Germany have managed to get access to passwords stored in a locked iPhone by bypassing the iPhone’s passcode lock.
The researchers apparently used existing exploits that allow a hacker to access an iPhone’s file system even if it is locked.
In a video that demonstrates the attack, the researchers first jailbreak the phone using existing software tools. They then install an SSH server on the iPhone that allows software to be run on the phone.
The third step is to copy a keychain access script to the phone. The script uses system functions already in the phone to access the keychain entries and, as a final step, outputs the account details it discovers to the attacker.
The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said. This means attackers with access to the phone can create the key from the phone in their possession without having to hack the encrypted and secret passcode.
The researchers were able to decrypt the passwords stored in the keychain to get access to passwords for Gmail accounts, Microsoft Exchange accounts, voicemail access, VPN and Wi-Fi passwords, as well as some application passwords.
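The design point in the researchers' explanation, shown as an added sketch that is not code from the article, the researchers or Apple: a key built only from on-device material can be rebuilt by any code running on the device, while a key that also mixes in the passcode cannot. Everything here is an assumption for illustration (the constructed device secret and passcode, the function names, the work factor, and a toy standard-library cipher standing in for real encryption).

```python
import hashlib
import hmac

# Constructed sample values for this sketch (not real device data).
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # stands in for a per-device key
PASSCODE = "4831"
ITERATIONS = 50_000  # assumed work factor
STORED = b"mail-password-example"

def device_only_key(device_secret: bytes) -> bytes:
    """Key built only from material on the device, independent of the passcode."""
    return hmac.new(device_secret, b"keychain-key", hashlib.sha256).digest()

def passcode_entangled_key(device_secret: bytes, passcode: str) -> bytes:
    """Key that needs the passcode as well; the device secret serves as the salt."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_secret, ITERATIONS)

def _keystream(key: bytes, length: int) -> bytes:
    """HMAC in counter mode as a toy keystream (illustration only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"ks" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC: 32-byte tag followed by the ciphertext."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return hmac.new(key, b"tag" + ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key does not match the tag."""
    tag, ct = blob[:32], blob[32:]
    expected = hmac.new(key, b"tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

def recover_without_passcode(device_secret: bytes, blob: bytes):
    """Models code running on the device: it has the device secret, not the passcode."""
    return unseal(device_only_key(device_secret), blob)

weak_blob = seal(device_only_key(DEVICE_SECRET), STORED)
strong_blob = seal(passcode_entangled_key(DEVICE_SECRET, PASSCODE), STORED)

if __name__ == "__main__":
    print("device-only key:", recover_without_passcode(DEVICE_SECRET, weak_blob))
    print("passcode-entangled key:", recover_without_passcode(DEVICE_SECRET, strong_blob))
```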
Researchers at the state-sponsored Fraunhofer Institute Secure Information Technology (Fraunhofer SIT) have the following advice for users of a lost or stolen iOS device:
Owners of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords.
Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts.
Let’s hope that Apple addresses this issue so that even though someone can gain unauthorized access to an iOS device, they can’t decrypt the passwords stored in the keychain.
[via PC World]